This article first appeared as part of The Rand Corporation’s release of the publication of the proceedings for the Rand Center for Ethics and Governance, May 2, 2013, symposium, "Culture, Compliance and the C-Suite: How Executives, Boards and Policy-Makers Can Better Safeguard Against Misconduct at the Top.” The symposium brought together a group of twenty thought leaders from government, business, and nonprofit backgrounds, to discuss the structural factors that tend to put C-suite executives at heightened risk for misconduct, and practical steps that can be taken to mitigate the risk. The full report is available at http://www.rand.org/pubs/conf_proceedings/CF316.html.

The press, members of Congress, and judges have become increasingly vocal in condemning what they perceive to be inadequate criminal prosecution of executives responsible for corporate crimes. In response, U.S. Department of Justice (DOJ) officials have consistently stated that prosecuting such individuals is a high priority. The opposing views highlight the tension between public pressure to hold high-profile executives responsible, and DOJ’s need to have evidence to support a conviction (based on proof beyond a reasonable doubt) before proceeding with a criminal prosecution.

In particular, the DOJ’s increased use of Deferred Prosecution Agreements (DPAs), Non Prosecution Agreements (NPAs), and civil settlements to obtain record fines and penalties from corporate defendants has been highly controversial. Criticism and calls for more vigorous prosecution of executives have come from the press, members of Congress, and judges. The New York Times, Op Ed columnist, Joe Nocera wrote,

corporate executives need to be prosecuted when corporate crimes take place. It sends a signal to every other executive about what is — and is not — acceptable behavior. The threat of prison can change a culture faster and more effectively than even the heftiest fine.

In a similar vein, Senator Arlen Spector criticized the initial absence in 2010 of any individual prosecutions in the Siemens FCPA case, and demanded an explanation for why DOJ avoided charging individuals in the biggest FCPA case in history. Subsequently eight individuals were indicted; however none of the eight have been apprehended or prosecuted.2

Even more concerning is the fact that the individuals responsible for these failures are not being held accountable. The Department has not prosecuted a single employee of HSBC—no executives, no directors, no AML compliance staff members, no one. By allowing these individuals to walk away without any real punishment, the Department is declaring that crime actually does pay. Functionally, HSBC has quite literally purchased a get-out-of-jail-free card for its employees for the price of 1.92 billion dollars.3

Meanwhile in the judiciary, U.S. District Court Judge, Jed Rakoff, recently commented on his decision to deny the initial proposed Consent Judgment between the SEC and Bank of America (BAC). Judge Rakoff noted that among its flaws was “the fact that no individual was named for what the SEC asserted was a blatant fraud orchestrated from the very top.”4

Despite the public pressure, the DOJ necessarily remains constrained by the need to ensure that a prosecution is warranted by sufficient evidence, and is not merely undertaken as publicity grab. Federal prosecutors have an obligation to ensure that in exercising their discretion to prosecute or not, the decision “should promote the reasoned exercise of prosecutorial authority and contribute to the fair, evenhanded administration of the Federal criminal laws.”5 The Principles of Federal Prosecution state that prosecutors

should commence or recommend Federal prosecution if he/she believes that the person’s conduct constitutes a Federal offense and that the admissible evidence will probably be sufficient to obtain and sustain a conviction, unless, in his/her judgment, prosecution should be declined because: No substantial Federal interest would be served by prosecution; The person is subject to effective prosecution in another jurisdiction; or There exists an adequate non-criminal alternative to prosecution.6

The fact that a company has entered into a DPA or NPA does not mean, without more, that the DOJ will not prosecute responsible individuals. In fact, the standard DPA provisions require the company to cooperate with any investigation or prosecution of responsible individuals, including corporate executives. The standard DPA does not contain any agreement by the DOJ not to prosecute responsible individuals.

The continued drumbeat of public criticism, together with the DOJ’s assurance that it will aggressively prosecute individuals when warranted by the evidence, portend more aggressive action to prosecute executives in the future. Recent prosecutions of C-suite executives suggest that the DOJ’s public assurances are being backed up by action.

This paper offers an overview of cases and trends in the prosecution of fraud in the C-suite and in the post Enron era, and extracts from those proceedings what preventive measures corporations and executives can learn from these government enforcement actions. While increased prosecution of responsible individuals sends a strong deterrent message, prosecution by itself is not sufficient to prevent and detect fraud in the C-suite. The complex cases that are the basis for most DPAs and NPAs demonstrate a gap between those cases where C-suite executives actually committed and are prosecuted for fraud, and many other cases where executives may have condoned fraud or failed to inquire when presented with allegations or red flags of fraud, but in which the DOJ determined the evidence insufficient to successfully prosecute the executives.

The DOJ is attempting to address this gap proactively, by shifting the compliance posture of major companies, and thereby making it more difficult for senior executives to turn a blind eye to instances of fraud. The DOJ is pursuing this course through its DPA provisions, which typically require: (1) increased independence of the Chief Ethics and Compliance Officer (CECO); (2) tying executive bonuses to meeting compliance standards; and (3), implementation of “claw back” provisions related to deferred compensation bonuses of senior executives. As this trend in DPAs continues, corporate boards need to consider whether to implement such measures independently, even in companies not immediately at risk for prosecution. By doing so, boards can seek to improve the effectiveness of their C&E programs, and to minimize the risk of senior executive misconduct and DOJ prosecution in the future.

More on the DOJ 'Prosecution Gap': the Growing Importance of DPAs and NPAs

There is no single source for detailed data on DOJ’s corporate fraud prosecutions. While the Bureau of Justice Statistics (BJS)7 does collect prosecution and conviction data and publish periodic reports, the focus of BJS is on the large categories of federal crime such as illicit immigration, drugs, weapons and violent crime. The BJS summary reports do not contain any descriptions of DOJ activities and results related to corporate executive fraud.8

Meanwhile, some of the public criticism of DOJ has found support in a Government Accountability Office (GAO) audit that found:

DOJ made more frequent use of DPAs and NPAs in recent years

DPAs increased from 4 in FY 2003 to 38 in FY 2007 and declined slightly to 24 in FY 2008 and 23 in FY 2009

From FY 2004 to FY 2009, for U.S. Attorney’s Offices, the number of DPAs and NPAs was less than the number of corporate prosecutions, whereas for the Criminal Division, the number of DPAs and NPAs was comparable to the number of corporate prosecutions.9

Additional data on the use of DPAs and NPAs has been collected by the law firm of Gibson, Dunn and Crutcher, LLP, and shows that the number of DPAs and NPAs rebounded to 39 in 2010, 29 in 2011, and 35 in 2012.10 In addition, the data reflects a staggering increase in the total monetary recovery from DPAs, ranging from a paltry $300,000 in 2003 to a record $9 billion in 2012.

DOJ’S Response to Criticism of Its Prosecutorial Vigor

In responding to the criticisms, Assistant Attorney General Lanny Breuer recently explained that

until roughly 20 years ago, prosecutors in the United States, when they encountered corporate misconduct, were usually faced with a stark choice—either to indict, or walk away,,, The increased use of DPAs has meant far greater accountability for corporate wrongdoing. Whereas prosecutors often declined when their only choice was to indict or walk away, now companies know that avoiding the disaster scenario of an indictment does not mean an escape from accountability.11

To address the claims that DPAs undermine individual punishment, Breuer has emphasized that “individual wrong doers can never secure immunity through corporate resolution.”12 He has pointed to the fact that it is a long standing policy of the DOJ, as stated in the Principles of Federal Prosecution,13 to prosecute individuals when warranted by the evidence. In fact, Breuer himself has repeatedly asserted that the strongest deterrent against corporate wrongdoing is the prospect of prison time.14 The DOJ policy on this point is also spotlighted in the Principles of Federal Prosecution of Business Organizations, which state that

[b]ecause a corporation can act only through individuals, imposition of individual criminal liability may provide the strongest deterrent against future corporate wrongdoing. Only rarely should provable individual culpability not be pursued, particularly if it relates to high-level corporate officers, even in the face of an offer of a corporate guilty plea or some other disposition of the charges against the corporation.15

In his speeches, Breuer has repeatedly referred to specific examples to demonstrate that a DPA or NPA does not mean an escape from personal criminal liability, and that the DOJ will prosecute responsible corporate executives in appropriate instances. The examples have included the prosecution of criminal trade secret theft charges against Kolon Industries, a South Korean corporation, and five Kolon executives and employees;16 the fraud conviction and 30-year prison sentence of Lee Bentley Farkas, the former Chairman of Taylor Bean & Whitaker, one of the largest private mortgage lending companies in the country;17 and the conviction and 110-year prison sentence of R. Allen Stanford, who misappropriated $7 billion from Stanford International Bank.18

Recent Cases

A close review of recent case developments sheds more light on the complexities of DOJ criminal prosecution decisions, and the pursuit of DPAs/NPAs, in cases involving corporate fraud.

For example, in June 2012, the DOJ used an NPA to resolve allegations of criminal wrongdoing against Barclays Bank over the bank’s role in the manipulation of the London Interbank Offered Rate, or LIBOR. In addition to a $160 million fine, Barclays paid a significant price for its conduct. In the wake of the DOJ announcement, the top management of the bank was replaced. However, the DOJ also recognized that Barclays’ cooperation with its investigation was extraordinary, which is why an NPA was appropriate.

Meanwhile, the July 2009 FCPA jury trial conviction of Fredric Bourke, founder of handbag maker Dooney & Bourke, provides a powerful reminder that executives can face personal criminal liability, even when their misconduct is limited to turning a blind eye to instances of fraud or bribery. As Pepper Hamilton law partner Gregory Paw notably pointed out,19the jury concluded it was Bourke’s job to know about and prevent the bribes to foreign officials. In finding Bourke guilty, jurors emphasized the importance of the court’s “head in the sand” instructions. The foreperson summarized the rationale of his verdict, stating “[i]t was Kozeny, it was Azerbaijan, it was a foreign country. We thought [Bourke] knew and definitely could have known. He’s an investor. It’s his job to know.” Another juror, recalling a timeline used by prosecutors during closing argument, said there were too many “red flags” for Bourke not to have known. Another felt bad for Bourke, but emphasized that he had put himself in a “bad situation.”20

'Responsible Corporate Officer' Doctrine Prosecutions

For companies involved in the food and drug industries, the FDA and DOJ have renewed their use of the “responsible corporate officer doctrine” (RCO) to hold executives personally and criminally responsible for violations of the Food Drug and Cosmetic Act (FDCA). Under this doctrine as enunciated in U.S. v. Dotterweich, and U.S. v. Park,21 a corporate officer, in an industry with a direct relationship to the public health and welfare, who has, by reason of his position in the corporation, responsibility and authority to either prevent in the first instance, or promptly to correct, the FDCA violation complained of, and fails to do so, can be convicted of a criminal offense.22 The only defense to such a prosecution is that the “defendant was ‘powerless’ to prevent or correct the violation.”

While there has been no major ground swell in RCO prosecutions, several recent RCO cases demonstrate that the FDA and DOJ are willing to prosecute corporate executives who are passively involved in violations of the FDCA. For example, Marc Hermelin, former Chairman of the Board and CEO of KV Pharmaceutical Company, pleaded guilty to RCO charges and was sentenced to 30 days in jail and ordered to pay a $1 million fine, in connection with the guilty plea of Ethex corporation, a wholly owned subsidiary of KV Pharmaceutical. The admitted facts in the Hermelin case demonstrated that the company became aware of two complaints about oversized morphine sulfate tablets, and that the company disclosed these complaints to the FDA and publically recalled various lots of those tablets. However, the company knew but failed to disclose to the FDA that the oversized tablets were made on “BB2” pill press machines, which could randomly produce some oversized tablets and which were also used to make many other tablet drugs.

In another recent case, Purdue Frederick Company executives were prosecuted, pled guilty and were debarred by the Department of Health and Human Services (HHS), under the RCO doctrine. In that case, Purdue was accused of fraudulent misbranding of the painkiller OxyContin. The prosecution alleged that unnamed employees of the company marketed OxyContin as less addictive and less harmful than other painkillers. The company pleaded guilty to felony misbranding under the FDCA, and paid monetary sanctions of about $600 million. Three Purdue executives—CEO, General Counsel, and medical director—were accused of the misdemeanor of misbranding of a drug and pleaded guilty, for admitted failure to prevent Purdue’s fraudulent marketing of OxyContin. The executives were sentenced to extensive community service, fined $5,000, and ordered to disgorge compensation totaling about $34.5 million. In addition, each was debarred by HHS for 12 years. The debarments were upheld by the U.S. Court of Appeals for the District of Columbia Circuit on July 27, 2012.23

KBR FCPA Case

The FCPA convictions of Kellogg Brown and Root LLC (KBR) and Albert “Jack” Stanley, KBR’s former Chairman and CEO, provide one of the leading examples of the harm that can be caused to a company when a C-suite executive engages in criminal conduct. The case involved Stanley’s and KBR Inc.’s participation in a decade-long scheme (1994–2004) to bribe Nigerian government officials, and to obtain $6 billion in engineering, procurement and construction (EPC) contracts to build liquefied natural gas (LNG) facilities on Bonny Island, Nigeria.24 The scheme involved a conspiracy to pay bribes to a wide range of Nigerian government officials, in order to obtain and retain the EPC contracts. To pay the bribes, the conspirators hired two agents—Tesler and Marubeni Corporation, a Japanese trading company headquartered in Tokyo. At crucial points before the award of the EPC contracts, Stanley and other co-conspirators met with successive holders of a top-level office in the executive branch of the Nigerian government, and asked them to designate a representative with whom the bribes could be negotiated. Many millions of dollars were invested into the Nigerian bribery scheme by the conspirators.

KBR Inc.’s successor company, Kellogg Brown & Root LLC, pleaded guilty in February 2009 to FCPA-related charges for bribery, and was ordered to pay a $402 million fine and to retain an independent compliance monitor for a three-year period to review the design and implementation of its compliance program. KBR’s parent company, KBR, Inc. and its former parent company Halliburton Company, both reached civil settlements with the SEC which enjoined both companies from future violations of the FCPA and required Halliburton to disgorge $177 million in profits and prejudgment interest based on the Bonny Island LNG contracts. Stanley was sentenced to 30 months in prison plus 3 years supervised probation, and ordered to pay $10.8 million in restitution to KBR, the victim of the separate kickback scheme.

The KBR settlements were the result of five years of internal and governmental investigation and negotiation. The large penalty amounts were the result of both improper payments and the degree to which the corrupt scheme permeated the company’s senior management.25

In May 2009, two large institutional investors brought derivative claims against Halliburton and certain of its officers and directors in Texas state court alleging that the company’s leadership was at fault for the Bonny Island-related FCPA misconduct, as well as other unrelated and other assorted wrongdoing. This shareholder litigation was settled and finally approved by the court on September 17, 2012.

The settlement required Halliburton to make structural changes to its corporate governance model. It did not require Halliburton to pay any damages aside from attorneys’ fees (up to $7 million). Among other things, the agreement required Halliburton to:

adopt a claw back provision that allows the company to reclaim incentive compensation provided to former officers and directors found by a court or the company itself to have engaged in illegal behavior

enhance oversight by the Audit Committee in conjunction with the CEO with respect to compliance functions and risk management

establish a Management Compliance Committee to evaluate compliance with the FCPA and other significant state and federal laws, and

perform annual performance reviews for board members and annual consideration of whether CEO and chairman of the board should be the same person.

HSBC DPA

In December 2012, HSBC26 agreed to forfeit $1.256 billion and to enter into a DPA27with the DOJ for HSBC’s violations of the Bank Secrecy Act (BSA), the International Emergency Economic Powers Act (IEEPA) and the Trading With the Enemy Act (TWEA). Pursuant to the DPA, HSBC admitted that HSBC Bank USA violated the BSA by failing to maintain an effective anti-money laundering program and to conduct appropriate due diligence on its foreign correspondent account holders. The HSBC Group violated IEEPA and TWEA by illegally conducting transactions on behalf of customers in Cuba, Iran, Libya, Sudan and Burma—all countries that were subject to sanctions at the time of the transactions. Assistant Attorney General Breuer commented that “HSBC is being held accountable for stunning failures of oversight—and worse—that led the bank to permit narcotics traffickers and others to launder hundreds of millions of dollars through HSBC subsidiaries, and to facilitate hundreds of millions more in transactions with sanctioned countries.”28 The DPA has a 5-year term and contains the standard DOJ provision which states that it only applies to HSBC and does not preclude prosecution of any current or former officers, directors or employees of HSBC. Pursuant to the DPA, HSBC was required, among other things, to take the following actions to address the deficiencies in its C&E program:

to increase its investment in resources and staff allocated to anti money laundering (AML) compliance by approximately nine-fold, even before the entry of the DPA

to strengthen the compliance department’s reporting lines and status within the Bank by:

(i) separating the Legal and Compliance departments and elevating the Chief Compliance Officer (CCO) to the ranks of the top 50 executives

(ii) requiring that the AML compliance director report directly to the CCO, and

(iii) providing that the AML compliance director report directly to the Board and senior management about the status of the Bank’s BSA and AML compliance program on a regular basis.

to give the HSBC Group centralized oversight of every HSBC compliance officer worldwide, thereby ensuring that both accountability and information would flow directly to and from HSBC Group Compliance.

to change HSBC’s senior management bonus structure to require executives to meet compliance standards and values, and to provide that a failure to meet the requirements could result in voiding the entire year-end bonus.

Observations and Recommendations

Careful examination of recent prosecutions, DPAs and NPAs can help companies keep abreast of risk areas and of DOJ’s view of sound compliance practices, while helping the companies to benchmark their own compliance programs. In turn, this practice encourages firms to evaluate and adopt emerging good practices, and improves their position with prosecutors and regulators if they do find themselves facing subsequent allegations of improper conduct.

In reviewing the DPAs and prosecutions of C-suite executives discussed in this paper, it is apparent that:

DPAs do not provide corporate executives amnesty from prosecution

prosecutions of responsible executives take time to investigate and develop and may occur years after a DPA

companies that enter into a DPA are required to cooperate with the DOJ in prosecutions of responsible corporate executives

senior executives can face criminal risk when passively allowing fraud to occur, in at least some instances

DOJ expects the head of the C&E program to have direct access to the Board of Directors and that the C&E program will be separate from the Legal Department

DOJ expects company executive compensation policies and practices to require executives to meet compliance standards and values and provide that a failure to meet the requirements can result in voiding the entire yearend bonus, and

a C&E program cannot be effective unless it:

provides a check and balance on C-suite executives and not just employees of the company, and

ensures that C-suite executives know and understand the legal requirements that apply to their conduct and are provided as much or more training as other employees on the high risk areas of their responsibility.

While prosecutions of responsible executives are widely recognized as providing a strong deterrent to fraud by corporate executives, companies themselves need to do more to deter and detect such misconduct. Where senior executives of a company are involved in committing, condoning or failing to investigate allegations of fraud, the C&E program of the company will not be considered to be effective. At a minimum, companies need to consider additional methods to mitigate the risks of such conduct. In this regard, the requirements reflected in recent DPAs for the chief of the C&E program to have direct access to the board, and not to be subordinate to the legal department, provide additional checks on potential executive misconduct. More, the requirement to tie executive bonus compensation to C&E standards provides a direct incentive for proper conduct, and serves as an additional deterrent for misconduct. Implementing these requirements voluntarily deserves serious consideration by any company seeking to enhance its C&E program, and to manage the risk associated with the potential for fraud in the C-suite.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

All the intelligence you need, in one easy email:

* With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name.